Crea8Social 1.3 – Persistent Cross-Site Scripting

• Exploit Database
• 127 阅读

• 作者： Halil Dalabasmaz
  日期： 2014-11-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35367/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

  # Exploit Title: crea8social 1.3 Stored XSS Vulnerability # Date: 24-10-2014 # Exploit Author: Halil Dalabasmaz # Version: v1.3 # Vendor Homepage: http://codecanyon.net/item/crea8social-php-social-networking-platform-v13/9211270 # Tested on: Chrome & Iceweasel   # Vulnerability Description:   ===Stored XSS=== Create a page from "Pages" (/pages) section. "Page Website" input is not secure. You can run XSS payloads on "Page Website" input.   Sample Payload for Stored XSS: http://example.com/">[xssPayload]   =Solution= Filter the input field against to XSS attacks. ================